I was wondering if you guy's have any recommendations on file encryption; and what encryption software do you use/trust?
1. Generate private keys on a host that is fully disconnected from the network using an OS image dedicated to that purpose.
2. Make backups, on paper, keep them in separate locations, take reasonable precautions to make sure that root keys are recoverable. Be aware of how this compromises your security, and what tripwires and alarms you need to have in place to deal with those vulnerabilities.
3. Do create intermediate signing keys, you shouldn't need to open the vault to create an email alias or process a new hire.
4. Do re-key on a schedule. Do not generate fresh keys ahead of time.
5. You are not MI-6 or the NSA, you will screw it up. Have a plan for when that happens.
Encfs and Truecrypt for encrypted file stores
GnuPG for encrypted files and email
Enigmail to integrate GnuPG with Thunderbird